Closed Bug 1202186 Opened 5 years ago Closed 5 years ago
Hide password in calls of console
.log() and console .error()
40 bytes, text/x-review-board-request
Calls of console.log(...) and console.error(...) will show password in uri. It should be hidden. Bug 1197791 will add GetAnonymousSpec() function to nsIURI to hide the password. It can use this function
Does this still need to happen? AFAICT this has been fixed at the core level?
If you mean that bug 197791 has fix this. No, it did not fix this problem. console.log() and console.error() do not use nsScriptError. I have open this bug because I do not know this code to decide where is the right place to fix it. The fix is easy if you know the right place.
I don't have access to bug 1197791 to see what the fix looks like, but presumably you'd want to make the same changes to Console.cpp.
Bug 1202186 - use nsISensitiveInfoHidden for console methods, r?past
Attachment #8660890 - Flags: review?(past)
To be clear, I don't know the code here well enough to be sure this is comprehensive enough, but it seemed to work in my very very very limited testing. I also don't know if/which tests are likely to break because of this change.
Comment on attachment 8660890 [details] MozReview Request: Bug 1202186 - use nsISensitiveInfoHidden for console methods, r?past baku knows this code better than me.
Attachment #8660890 - Flags: review?(past) → review?(amarchesini)
Comment on attachment 8660890 [details] MozReview Request: Bug 1202186 - use nsISensitiveInfoHidden for console methods, r?past https://reviewboard.mozilla.org/r/19213/#review17159 lgtm! ::: dom/base/Console.cpp:39 (Diff revision 1) > +#include "nsISensitiveInfoHiddenURI.h" alphabetic order. Move it to line 38. ::: dom/base/Console.cpp:1224 (Diff revision 1) > + event.mFilename.Assign(NS_ConvertUTF8toUTF16(spec)); CopyUTF8toUTF16(spec, event.mFilename);
Attachment #8660890 - Flags: review?(amarchesini) → review+
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Whiteboard: [adv-main43+] → [adv-main43-]
You need to log in before you can comment on or make changes to this bug.